On the Internet, a user can use a username and a password to log into a user account that the user has registered at a server. That is, a user sends a login request message carrying a username and a password to a server, the server acquires a corresponding password according to the username carried in the login request message, and if the acquired password is identical with the password carried in the login request message, the user is allowed to log into the user's corresponding user account.
At present, some lawbreakers can use the above login process to acquire a user's username and password, which poses a threat to account security, and the lawbreakers can take advantage of a loophole on a server to acquire a large number of usernames and a lot of passwords, and then try out a password corresponding to each username from a lot of passwords through a user account hacking program. For any username, the user account hacking program can select a password and send a login request message carrying the username and the selected password to the server to request logging into the server. If the login succeeds, the selected password is found to be the password corresponding to the username. If the login fails, another password is selected.
During the process of implementing the present application, the user account hacking program can use the existing user account login method to try out a user's username and password, which poses a great threat to the user's account security.